Blue Yonder
Sr. Cloud Infrastructure Vulnerability Analyst
Blue Yonder, Coppell, Texas, United States, 75019
Role:
Sr. Cloud Infrastructure Vulnerability AnalystLocation:
Dallas, TX or Scottsdale, AZ (remote schedule)Overview:Blue Yonder is a Leading
AI-driven Global Supply Chain Solutions Software Product Company
and one of Glassdoor's
"Best Places to Work"Seeking a Sr. Cloud Infrastructure Vulnerability Analyst responsible for
Cloud Security Posture Management (CSPM) , identifying security vulnerabilities including misconfigurations across cloud infrastructures such as Infrastructure as a Service (IaaS), Software as a Service (SaaS), and Platform as a Service (PaaS).This candidate will also be responsible for
Cloud Workload Protection (CWP) , providing continuous discovery and monitoring of vulnerabilities in the workloads deployed in the cloud infrastructure.Candidate will be directly responsible for vulnerability management and threat management of the overall infrastructure and information assets.Scope:Core responsibilities include assessing and promoting remediation for all the assets in the Infrastructure as a Service (IaaS) and Software as a Service (SaaS).Candidate will be a key member of the centralized information security team.What you'll do:Discover and continuously monitor for vulnerabilities in the public cloud infrastructure, including cloud workloads such as dockers, Kubernetes, and containers.Create golden images for virtual machines, dockers, and containers.Identify gaps in Identity and Access Management (IAM) in Public Cloud.Perform vulnerability scans and report findings for On-prem and Cloud networks.Publish the vulnerability status reports to senior management and track remediation.Define and participate in the implementation of On-prem and Cloud architecture and security controls.Proactively identify threats and risk remediation.Discover assets in the cloud infrastructure to identify and continuously monitor for security vulnerabilities and misconfigurations.Maintain security by monitoring and ensuring compliance with standards, policies, and procedures; conducting incident response analyses; developing and conducting training programs.Upgrade security systems by monitoring the security environment; identifying security gaps; evaluating and implementing enhancements.Participate in and assist with the incident response team, as appropriate.Generate metrics for Management as needed.Prepare system security reports by collecting, analyzing, and summarizing data and trends.What we are looking for:Required Qualifications:6-8 years of proven experience in Information Security or Vulnerability Management.4 years of experience in Cloud Security (Bachelor/Master's degree can be substituted for experience).Strong experience in at least one public cloud infrastructure: Microsoft Azure, Google GCP, or AWS (Azure highly preferred).Experience with at least one of the following Cloud Security Posture Management tools: Wiz, Aqua Security, Prisma Cloud, or Orca.Strong understanding of Threat Sources/Feeds like CISA, Threat Intelligence, and the latest vulnerabilities like Log4J, Spring4shell, etc.Bachelor's degree in Information Security, MIS, or Computer Science.Nice to have Qualifications:Certifications such as CCSK, CCSP, GCSA, Microsoft Certified Azure Security Engineer Associate, CISSP, or equivalent.Strong expertise in Vulnerability and Threat Management, and the ability to condense threat intelligence into actionable communication materials.Thorough understanding of Identity and Access Management best practices in Public Cloud.Deep and diverse experience architecting and implementing network security designs.Expertise in network security, system security, and endpoint security.Thorough understanding of security vulnerabilities and misconfigurations in cloud infrastructure.Familiarity with security frameworks and regulatory requirements such as NIST, ISO 27001/2, and SSAE-18.Experience with products dealing with vulnerability management services such as Qualys, Nessus, Nexpose, etc.Practical experience with the development, implementation, and management of security-related technologies (i.e., SIEM, WAF, AV, Firewalls).Excellent customer service skills, including strong written and oral communication skills.Knowledge of security network devices (firewalls, switches, SIEM, Antivirus, cryptography, etc.) and other security networking hardware/software tools.Demonstrated understanding of information security concepts, standards, and practices.Results-focused with attention to detail.
#J-18808-Ljbffr
Sr. Cloud Infrastructure Vulnerability AnalystLocation:
Dallas, TX or Scottsdale, AZ (remote schedule)Overview:Blue Yonder is a Leading
AI-driven Global Supply Chain Solutions Software Product Company
and one of Glassdoor's
"Best Places to Work"Seeking a Sr. Cloud Infrastructure Vulnerability Analyst responsible for
Cloud Security Posture Management (CSPM) , identifying security vulnerabilities including misconfigurations across cloud infrastructures such as Infrastructure as a Service (IaaS), Software as a Service (SaaS), and Platform as a Service (PaaS).This candidate will also be responsible for
Cloud Workload Protection (CWP) , providing continuous discovery and monitoring of vulnerabilities in the workloads deployed in the cloud infrastructure.Candidate will be directly responsible for vulnerability management and threat management of the overall infrastructure and information assets.Scope:Core responsibilities include assessing and promoting remediation for all the assets in the Infrastructure as a Service (IaaS) and Software as a Service (SaaS).Candidate will be a key member of the centralized information security team.What you'll do:Discover and continuously monitor for vulnerabilities in the public cloud infrastructure, including cloud workloads such as dockers, Kubernetes, and containers.Create golden images for virtual machines, dockers, and containers.Identify gaps in Identity and Access Management (IAM) in Public Cloud.Perform vulnerability scans and report findings for On-prem and Cloud networks.Publish the vulnerability status reports to senior management and track remediation.Define and participate in the implementation of On-prem and Cloud architecture and security controls.Proactively identify threats and risk remediation.Discover assets in the cloud infrastructure to identify and continuously monitor for security vulnerabilities and misconfigurations.Maintain security by monitoring and ensuring compliance with standards, policies, and procedures; conducting incident response analyses; developing and conducting training programs.Upgrade security systems by monitoring the security environment; identifying security gaps; evaluating and implementing enhancements.Participate in and assist with the incident response team, as appropriate.Generate metrics for Management as needed.Prepare system security reports by collecting, analyzing, and summarizing data and trends.What we are looking for:Required Qualifications:6-8 years of proven experience in Information Security or Vulnerability Management.4 years of experience in Cloud Security (Bachelor/Master's degree can be substituted for experience).Strong experience in at least one public cloud infrastructure: Microsoft Azure, Google GCP, or AWS (Azure highly preferred).Experience with at least one of the following Cloud Security Posture Management tools: Wiz, Aqua Security, Prisma Cloud, or Orca.Strong understanding of Threat Sources/Feeds like CISA, Threat Intelligence, and the latest vulnerabilities like Log4J, Spring4shell, etc.Bachelor's degree in Information Security, MIS, or Computer Science.Nice to have Qualifications:Certifications such as CCSK, CCSP, GCSA, Microsoft Certified Azure Security Engineer Associate, CISSP, or equivalent.Strong expertise in Vulnerability and Threat Management, and the ability to condense threat intelligence into actionable communication materials.Thorough understanding of Identity and Access Management best practices in Public Cloud.Deep and diverse experience architecting and implementing network security designs.Expertise in network security, system security, and endpoint security.Thorough understanding of security vulnerabilities and misconfigurations in cloud infrastructure.Familiarity with security frameworks and regulatory requirements such as NIST, ISO 27001/2, and SSAE-18.Experience with products dealing with vulnerability management services such as Qualys, Nessus, Nexpose, etc.Practical experience with the development, implementation, and management of security-related technologies (i.e., SIEM, WAF, AV, Firewalls).Excellent customer service skills, including strong written and oral communication skills.Knowledge of security network devices (firewalls, switches, SIEM, Antivirus, cryptography, etc.) and other security networking hardware/software tools.Demonstrated understanding of information security concepts, standards, and practices.Results-focused with attention to detail.
#J-18808-Ljbffr